Arthur J. Fried, a Member of the Firm in the Health Care and Life Sciences practice, in the firm’s New York office, was quoted in the Bloomberg BNA Health Care Daily Report, in “Hospital Hit with $3.2M Penalty for Ongoing Health Data Security Lapses,” by James Swann. (Read the full version – subscription required.)

It's unusual for this type of HIPAA matter to be resolved by a penalty rather than a resolution agreement, Arthur Fried, a health-care attorney with Epstein Becker Green in Washington, told Bloomberg BNA Feb. 1.

Fried said the hospital's decision not to challenge the penalty, or reach a settlement, might have been influenced by a desire to avoid a corrective action plan. Most resolution agreements include a corrective action plan, which normally lasts three years, Fried said.

“The hospital might have made the determination to pay the penalty and avoid the corrective action plan so as to avoid having the OCR breathing down their neck for several years,” Fried said.

Fried said penalties of this level are typically reserved for situations where an organization is aware of a HIPAA vulnerability but takes no action to remedy it.